Are Your Backups Safe From Ransomware? Your 8-Point Checklist for Backup Security & Data Protection

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise technology. In this feature, Continuity‘s CTO Doron Pinhas offers

The average cost of recovery from a ransomware attack has more than doubled in a year, according to a Sophos survey.

The global report also shows that just 8% of organizations manage to get back all of their data after paying the ransom.

With the increased number and sophistication of ransomware attacks, it’s not a matter of if, but when. And when it does happen, your ability to recover clean and up-to-date backup files is your last line of defense.

• The Conti ransomware gang has developed novel tactics to demolish backups The majority of targets who pay the ransom are motivated by the need to restore their data.
• The ransomware gang, Hive, is known to seek out and delete any backups to prevent them from being used by the victim to recover their data.

In this new Dummies Guide to Ransomware Resiliency for Enterprise Storage & Backup, discover the new threat tactics, and get a list of practical tips and solutions to secure these critical systems, protect your data, and ensure recoverability.

Backup & Security Checklist

Your 8-Point Checklist To Secure Your Backups

A ransomware attack is a horrible time to discover that your backups are not secure, so to help, here’s an 8-point checklist to determine whether your backups are sufficiently secured, and whether data is fully protected.

Do your security incident-response plans include cyberattacks on your backups? If so, what’s included:

• Recovery from a complete wipe of a storage array
• Recovery from a complete corruption of the SAN fabric configuration
• Recovery from ransomware

Is there a complete inventory of your storage and backup devices, that includes the current security status for each one?

• All backups, archive environments, storage arrays (block, file, object), and SAN switches
• Storage software versions (storage OS, firmware deployed), and, in particular: patching status, known CVEs, and actual resolution status
• What is backed up? Where? How?
• Which storage & backup protocols are allowed? Are all obsolete and insecure protocols disabled

Is there comprehensive and secure event logging and auditing of your backups?

• Including: central log services, redundant and tamper-proof records, and redundant and reliable time service

Are you able to audit the configuration changes?

• e.g., what changed and when – in device configuration, storage mapping, and access control?

Is there a well-documented, and enforced separation of duties for your backups?

• e.g., separate admins for storage, backup, and disaster recover in each environment

Are all storage and backup administrative-access mechanisms documented?

• e.g., which APIs are open, how many central storage management systems can control each storage device, and are there any servers or OS instances that can control storage

Are existing mechanisms for ransomware protection, air-gapping, and copy-locking used?

• Is there an audit process to verify they are correctly deployed at all times

Is the security of your backups regularly audited?

• Does this audit process include: SAN communication devices, storage arrays (block, file, object), server-based SAN, and backup?

Take the 2-minute Ransomware Resiliency Assessment for Backups, and get your own maturity score and practical recommendations – to help protect your data, and ensure recoverability.